TWM648486U - Telecommunication authentication service system - Google Patents

Info

Publication number: TWM648486U
Authority: TW (Taiwan)
Prior art keywords: authentication, module, user, biometric, encryption
Application number: TW112205403U
Other languages: Chinese (zh)
Inventor: 廖晨楓
Original assignee: 廖晨楓
Application filed by 廖晨楓
Priority to TW112205403U (TWM648486U)
Priority to JP2023002658U (JP3243831U)
Publication of TWM648486U

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement
  • Exchange Systems With Centralized Control
  • Meter Arrangements

Abstract

A telecommunications authentication service system comprises: a multi-factor authentication module that carries out a multi-factor authentication process, requiring the user to provide at least two different authentication methods, one of which is biometric data; an encryption module that includes a communication component, through which the encryption module is electrically connected to the user's mobile communication device and to the service provider, and which protects communication between the user's mobile communication device and the service provider as well as the sensitive data transmitted during the multi-factor authentication process; a device security module, electrically connected to the encryption module, that periodically performs security updates and scans on the user's mobile communication device; and a risk-based authentication module that analyzes user behavior and transaction patterns to identify potential risks and, when necessary, prompts for at least one additional authentication factor. The multi-factor authentication module includes a biometric authentication module configured to collect, store and authenticate the user's biometric data.

Description

Telecommunications authentication service system

This utility model relates to the field of telecommunications security and, more specifically, to a multi-factor authentication service system intended to enhance the security of online transactions and services by using security features such as biometric data and risk-based authentication.

With the rapid expansion of digital services and electronic transactions, ensuring the security and privacy of users' personal and financial information has become an increasingly urgent need. Traditional authentication methods, such as a username and password combination, have proven inadequate against well-orchestrated network attacks and identity theft. Multi-factor authentication has therefore emerged as a stronger solution for verifying a user's identity and protecting sensitive transactions.

For example, one-time passwords delivered through physical tokens in combination with text messages have become a popular authentication method. However, these passwords can be intercepted by malware or by other attacks such as SIM swapping, compromising the user's device or communications. In addition, relying on physical tokens or devices can be inconvenient and costly for users and service providers alike, while the effectiveness of knowledge-based factors (such as passwords or security questions) can be undermined by careless user behavior or data leaks.

Furthermore, existing authentication systems usually apply a single standardized verification method or system to all users and transactions, which may not adequately address the differing security needs and risk profiles of different users and transactions. There is therefore a need for an improved telecommunications authentication service system that provides enhanced security features and an adaptive authentication mechanism, so as to better protect users and service providers against evolving threats and vulnerabilities.

The purpose of this utility model is to provide a telecommunications authentication service system that integrates security features such as multi-factor authentication, biometric authentication and risk-based authentication, so as to overcome the limitations described above.

In view of the above and other purposes, this utility model provides a telecommunications authentication service system that is electrically connected to the mobile communication devices of multiple users and to at least one service provider, and that includes the following components: a multi-factor authentication module that carries out a multi-factor authentication process, requiring the user to provide at least two different authentication methods, one of which is biometric data; an encryption module, electrically connected to the user's mobile communication device and to the service provider, that protects communication between the user's mobile communication device and the service provider as well as the sensitive data transmitted during the multi-factor authentication process; a device security module, electrically connected to the encryption module, that periodically performs security updates and scans on the user's mobile communication device to ensure the integrity of the biometric data collected by the biometric authentication module during the multi-factor authentication process; and a risk-based authentication module, electrically connected to the encryption module, that analyzes user behavior and transaction patterns to identify potential risks and, when necessary, prompts for at least one additional authentication factor. The multi-factor authentication module includes a biometric authentication module configured to collect, store and authenticate at least one kind of user biometric data, providing an additional layer of security for the multi-factor authentication process. The multi-factor authentication module is also electrically connected to the encryption module.

In the telecommunications authentication service system described above, the multi-factor authentication module is configured to require the user to provide the following combination: a first characteristic datum selected from the group consisting of a password, a personal identification number and a security question; a second characteristic datum selected from the group consisting of a physical token, mobile-communication-device-related authentication and a cryptographic key; and at least one item of biometric data collected by the biometric authentication module.

In the telecommunications authentication service system described above, the biometric authentication module is configured to collect and authenticate biometric data selected from the group consisting of fingerprint, facial recognition, voice recognition and iris recognition.

In the telecommunications authentication service system described above, the encryption module uses end-to-end encryption to protect communication between the user's mobile communication device and the service provider.

In the telecommunications authentication service system described above, the risk-based authentication module is configured to prompt the user for an additional authentication factor on the basis of at least one identified potential risk, including unusual user behavior or an irregular transaction pattern.

In the telecommunications authentication service system described above, the additional authentication factor includes biometric data authenticated by the biometric authentication module.

The telecommunications authentication service system of this utility model provides a multi-factor authentication module, a biometric authentication module, an encryption module, a device security module and a risk-based authentication module. Working together, these components provide a comprehensive and adaptable security solution that effectively protects users and service providers from unauthorized access, data leaks and other network threats.

To make the above features and advantages of this utility model clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.

100: Telecommunications authentication service system
110: Multi-factor authentication module
120: Biometric authentication module
130: Encryption module
140: Device security module
150: Risk-based authentication module
10: User
20: Service provider

Figure 1 is a schematic diagram of the telecommunications authentication service system of this utility model.

Figure 2 is a schematic diagram of the application of the user, the telecommunications authentication service system and the service provider of this utility model.

Referring to Figure 1, which is a schematic diagram of the telecommunications authentication service system of this utility model: the system is intended to enhance the security of online transactions and services by incorporating multi-factor authentication, biometric authentication, risk-based authentication and other advanced security features. The telecommunications authentication service system 100 includes a multi-factor authentication module 110, a biometric authentication module 120, an encryption module 130, a device security module 140 and a risk-based authentication module 150. The multi-factor authentication module 110 is configured to require the user to provide at least two different forms of authentication, one of which is biometric data authenticated by the biometric authentication module 120. The multi-factor authentication module can also support a variety of other authentication factors, such as passwords, PINs, security questions, physical tokens, mobile-communication-device-related authentication and cryptographic keys.

The biometric authentication module 120 collects, stores and authenticates the user's biometric data, providing an additional layer of security for the multi-factor authentication process carried out by the multi-factor authentication module 110. The biometric authentication module 120 can support several kinds of biometric data, including fingerprint, facial recognition, voice recognition and iris recognition.

The encryption module 130 protects communication between the user's mobile communication device and the service provider by means of end-to-end encryption, ensuring that sensitive data transmitted during the multi-factor authentication process is protected. The device security module 140 is configured to enforce periodic security updates and scans, ensuring the integrity of the biometric data collected by the biometric authentication module 120 during the multi-factor authentication process. The risk-based authentication module 150 analyzes user behavior and transaction patterns to identify potential risks and, when necessary, prompts the user for additional authentication factors, including biometric data authenticated by the biometric authentication module.

The components of the multi-factor authentication module 110 are now described in more detail, beginning with the module itself. The multi-factor authentication module 110 enhances security by requiring the user to provide at least two different forms of authentication. The authentication factors it requires fall into three main categories. The first characteristic datum is something the user knows: this category covers knowledge-based factors such as passwords, personal identification numbers and security questions, which rely on the user recalling specific information that is not readily available to others. The second characteristic datum is something the user possesses: this category covers possession-based factors such as physical tokens, mobile-communication-device-related authentication and cryptographic keys, which require the user to have physical access to a particular item or device as proof of identity. The third characteristic datum is at least one item of the user's biometric data: this category covers inherence-based factors, represented by the biometric data collected by the biometric authentication module 120; examples include fingerprint, facial recognition, voice recognition and iris recognition. By combining these factors, the multi-factor authentication module 110 creates a strong and secure authentication process that ensures a user must present multiple proofs of identity before accessing online transactions and services.

In the above, mobile-communication-device-related authentication means, for example, sending a one-time password or a push notification to the user's mobile communication device; the user then enters the one-time password or confirms the push notification to authenticate. Alternatively, the mobile communication device may store a cryptographic key or digital certificate that enables secure communication, adding another layer of security to the authentication process. A physical token is a small hardware device owned by the user that typically generates a unique, time-limited code or stores a cryptographic key, which is used together with another authentication method (such as a password or PIN) to verify the user's identity.

One distinctive feature of the multi-factor authentication module 110 of this utility model is its integration with the biometric authentication module 120. This integration allows the telecommunications authentication service system 100 to use biometric data as one of the required authentication factors, providing a more secure and user-friendly way of authenticating the user's identity. The biometric authentication module 120 collects, stores and authenticates the user's biometric data, such as fingerprint, facial recognition, voice recognition or iris recognition. When the multi-factor authentication process is started, the biometric authentication module 120 is prompted to authenticate the user's biometric data as part of the overall process. Because it authenticates identity on the basis of the user's unique biometric data, the biometric authentication module 120 provides a secure and easy-to-use method. The biometric authentication module 120 uses various sensors and input devices (for example fingerprint scanners, facial recognition cameras, voice recognition microphones or iris recognition cameras) to collect the user's biometric data, which is then processed and converted into a digital format that can be used for subsequent authentication. Once collected and digitized, the biometric data is stored securely in a database or other appropriate storage medium. Note that the storage of biometric data must comply with strict privacy and data security guidelines, so that the user's personal information is protected from unauthorized access or misuse. Later, when the user starts the multi-factor authentication process, the biometric authentication module 120 prompts the user to present biometric data for authentication against the stored data; this usually involves comparing the live biometric data captured during authentication with the stored biometric data to confirm whether they match.

The use of biometric data for authentication raises privacy and data security concerns that the biometric authentication module 120 must address to keep the user's personal data secure, so several key factors must be considered. Biometric data must be stored securely, using encryption and other data security measures, to prevent unauthorized access, data leaks or other potential threats. The biometric authentication module 120 should collect and store only the minimum biometric data needed to carry out the authentication process, reducing the potential impact of a data leak or privacy violation. Strict access controls must be implemented so that only authorized personnel and systems can access the biometric data, preventing unauthorized access or misuse. The biometric authentication module 120 must also comply with relevant privacy regulations and guidelines, such as the European Union's General Data Protection Regulation (GDPR) or other applicable data protection laws, to ensure that the user's personal data is handled lawfully and ethically.

Next, the encryption module 130 is described. It is an important component of the telecommunications authentication service system 100, ensuring the security of sensitive data transmitted between the user's mobile communication device and the service provider. One of the main functions of the encryption module 130 is to implement end-to-end encryption, which provides the following benefits:

a) Data protection: end-to-end encryption ensures that data remains encrypted throughout transmission, preventing it from being intercepted or accessed without authorization in transit.

b) Privacy: end-to-end encryption encrypts at both ends of the communication, protecting the user's privacy and ensuring that only the intended recipient can decrypt and access the transmitted data.

c) Authentication: end-to-end encryption also provides a degree of authentication, because only parties holding the corresponding cryptographic keys can establish the secure channel, which confirms the identity of the communicating parties.

The encryption module 130 uses various cryptographic protocols and algorithms to secure communication between the user's mobile communication device and the service provider. These protocols and algorithms are chosen on the basis of factors such as security strength, computational efficiency and compatibility with the overall system architecture. Commonly used ones include the Advanced Encryption Standard (AES), RSA encryption, and SSL and TLS encryption.

In the telecommunications authentication service system 100, the device security module 140 carries out periodic security updates and scans in order to maintain the security and integrity of the user's mobile communication device, keeping it protected against potential threats and vulnerabilities. The device security module 140 can perform security updates so that the user's mobile communication device regularly receives the latest security patches and firmware updates, closing known vulnerabilities and improving the overall security of the device. It also enforces periodic anti-malware scans on the user's mobile communication device to detect and remove malware, viruses or other malicious software that could compromise the multi-factor authentication process or the integrity of the biometric data collected by the biometric authentication module 120. In addition, the device security module 140 can verify whether the user's mobile communication device complies with required security standards and policies, such as encryption settings, password complexity or application whitelisting, ensuring a secure environment for the authentication process.

The risk-based authentication module 150 strengthens the multi-factor authentication process by adapting to the user's behavior and transaction patterns. It collects and analyzes the user's activity data, such as login times, transaction types and device usage patterns, to identify possible risks and anomalies. During data collection and analysis, the risk-based authentication module 150 gathers data from various sources, such as the user's mobile communication device, the service provider and external databases, to build a comprehensive profile of the user's behavior and transaction patterns. It can also apply machine learning algorithms and artificial intelligence techniques to analyze the collected data and identify patterns, trends and anomalies, allowing the system to adjust its authentication requirements dynamically according to the perceived risk. Based on this analysis of user behavior and transaction patterns, the risk-based authentication module 150 assigns a risk score to each activity, which is used to determine the appropriate level of authentication required for a particular transaction or session.

The risk-based authentication module 150 also adjusts authentication requirements dynamically according to the identified risk, providing a more secure and user-friendly authentication experience. This dynamic adjustment may, for example, be based on the risk score associated with a particular activity, and may take contextual factors into account, such as the user's location, device or network, so as to produce a more targeted and effective security response.

The risk-based authentication module 150 is closely integrated with the biometric authentication module 120 so that adaptive authentication can be carried out seamlessly in response to detected risk. When the risk-based authentication module detects a potential risk or anomaly in the user's behavior or transaction patterns, it can prompt the user for biometric data, which the biometric authentication module 120 then collects, stores and authenticates. This adaptive authentication process draws on the strengths of biometric data to provide an additional layer of security and increase the overall effectiveness of multi-factor authentication. By collecting and analyzing user behavior and transaction patterns, adjusting authentication requirements dynamically and integrating with the biometric authentication module, the risk-based authentication module 150 significantly enhances the security and effectiveness of the telecommunications authentication service system.
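The scoring and step-up decision described in the three paragraphs above (signals from login time, device and location, a per-activity risk score, and a prompt for a biometric or further factor when the score warrants it), as an added Python example that is not part of the patent. The profile schema, the four signals, their weights and the score thresholds are assumed values chosen for illustration, and the baseline profile and activity records are constructed; a deployed module would derive the baseline and weights from real activity data.

```python
from dataclasses import dataclass


@dataclass
class UserProfile:
    """Baseline built from the user's past activity (hypothetical schema)."""
    usual_hours: set        # hours of day (0-23) at which the user normally logs in
    known_devices: set      # device identifiers seen before
    usual_countries: set    # countries the user normally connects from
    typical_amount: float   # typical transfer amount seen so far


@dataclass
class Activity:
    """One login or transaction event to be scored (hypothetical schema)."""
    hour: int
    device_id: str
    country: str
    kind: str               # "login" or "transfer"
    amount: float = 0.0


# Assumed signal weights; the patent leaves the scoring method open.
WEIGHTS = {"new_device": 40, "new_country": 30, "large_amount": 25, "odd_hour": 15}


def risk_signals(activity: Activity, profile: UserProfile) -> dict:
    """Compare one activity with the baseline and flag each anomaly signal."""
    return {
        "new_device": activity.device_id not in profile.known_devices,
        "new_country": activity.country not in profile.usual_countries,
        "large_amount": activity.kind == "transfer"
                        and activity.amount > 5 * profile.typical_amount,
        "odd_hour": activity.hour not in profile.usual_hours,
    }


def risk_score(activity: Activity, profile: UserProfile) -> int:
    """Sum the weights of the signals that fired (0..110 with the weights above)."""
    return sum(WEIGHTS[name] for name, fired in risk_signals(activity, profile).items() if fired)


def step_up_factors(score: int) -> list:
    """Map a score to the extra factors the module would prompt for (assumed thresholds)."""
    if score < 30:
        return []                            # baseline MFA already satisfied; no extra prompt
    if score < 70:
        return ["biometric"]                 # prompt module 120 for a live biometric sample
    return ["biometric", "physical_token"]   # high risk: biometric plus a possession proof


def assess(activity: Activity, profile: UserProfile) -> dict:
    """Score one activity and return the signals that fired and the required step-up."""
    score = risk_score(activity, profile)
    fired = [name for name, hit in risk_signals(activity, profile).items() if hit]
    return {"score": score, "signals": fired, "step_up": step_up_factors(score)}


# Constructed baseline and sample events (not real user data).
PROFILE = UserProfile(usual_hours=set(range(8, 19)), known_devices={"dev-A"},
                      usual_countries={"TW"}, typical_amount=1000.0)
EVENTS = [
    Activity(hour=10, device_id="dev-A", country="TW", kind="transfer", amount=800.0),   # routine
    Activity(hour=3, device_id="dev-A", country="TW", kind="transfer", amount=9000.0),   # odd hour, large
    Activity(hour=3, device_id="dev-Z", country="FR", kind="login"),                     # new device/country
]


def assess_all(events=EVENTS, profile=PROFILE) -> list:
    return [assess(e, profile) for e in events]


if __name__ == "__main__":
    for event, result in zip(EVENTS, assess_all()):
        print(event, "->", result)
```

The middle band is where the integration with module 120 matters: a single anomaly such as a large transfer at an unusual hour does not block the user, it only adds a live biometric check, while a session that is new in device, country and time must also prove possession before it proceeds.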

Referring to Figures 1 and 2 together, Figure 2 is a schematic diagram of the application of the user, the telecommunications authentication service system and the service provider of this utility model. Because the telecommunications authentication service system 100 includes the multi-factor authentication module 110, the biometric authentication module 120, the encryption module 130, the device security module 140 and the risk-based authentication module 150, it can strengthen the security of the online services and applications provided to users 10 by various service providers 20. In Figure 2, a user 10 may be a mobile communication device used by an individual, and a service provider 20 may be a server or server group that provides a service. Some application examples follow:

1. Online banking and financial services: the telecommunications authentication service system 100 is well suited to securing online banking and financial services, where protecting users' private data and transactions is critical. With it, banks and financial institutions can give customers a secure environment in which to access account information, transfer funds, make payments and carry out other online banking operations. The integration of the biometric authentication module 120 and the risk-based authentication module 150 provides an additional layer of security, allowing adaptive authentication based on user behavior and transaction patterns.

2. E-commerce and retail platforms: e-commerce and retail platforms can also benefit from the enhanced security provided by the telecommunications authentication service system 100. By deploying it, these platforms can protect customer data, such as payment details and personal information, during the online shopping process. The multi-factor authentication module 110 ensures that a customer must provide at least two different forms of authentication, one of which is biometric data from the biometric authentication module 120, greatly reducing the risk of unauthorized access and fraud. The risk-based authentication module 150 further strengthens security by adjusting authentication requirements dynamically according to the customer's behavior and transaction patterns.

3. Secure email and messaging services: the telecommunications authentication service system 100 can also secure email and messaging services, ensuring that transmitted data remains confidential and intact. Through it, service providers can offer end-to-end encryption, multi-factor authentication and adaptive authentication based on user behavior and risk factors. Users can access their email and messaging services securely, confident that their data is protected from unauthorized access and potential threats.

The examples above show the versatility and effectiveness of the telecommunication authentication service system 100 in strengthening the security of a wide range of online services and applications. By combining the multi-factor authentication module 110, the biometric authentication module 120, the encryption module 130, the device security module 140 and the risk-based authentication module 150, the system 100 offers a comprehensive and adaptable security solution for many industries and sectors.

Although the present utility model has been disclosed above by way of preferred embodiments, these are not intended to limit it. Anyone of ordinary skill in the art may make minor changes and refinements without departing from the spirit and scope of the utility model; its scope of protection is therefore defined by the appended claims.

100: telecommunication authentication service system

110: multi-factor authentication module

120: biometric authentication module

130: encryption module

140: device security module

150: risk-based authentication module

Claims (6)

1. A telecommunication authentication service system, electrically connected to the mobile communication devices of a plurality of users and to at least one service provider, the system comprising: a multi-factor authentication module configured to carry out a multi-factor authentication process that requires the user to present at least two different authentication methods, one of which is biometric data; an encryption module, electrically connected to the user's mobile communication device and to the service provider, for protecting the communication between the user's mobile communication device and the service provider and thereby the sensitive data transmitted during the multi-factor authentication process; a device security module, electrically connected to the encryption module and configured to perform periodic security updates and scans of the user's mobile communication device; and a risk-based authentication module, electrically connected to the encryption module, for analysing the user's behaviour and transaction patterns to identify potential risks and, where necessary, prompting the user for at least one additional authentication factor; wherein the multi-factor authentication module comprises a biometric authentication module configured to collect, store and authenticate the user's biometric data, and the multi-factor authentication module is electrically connected to the encryption module.
2. The telecommunication authentication service system of claim 1, wherein the multi-factor authentication module is configured to require the user to present the following combination: a first authentication element selected from the group consisting of a password, a personal identification number and a security question; a second authentication element selected from the group consisting of a physical token, an authentication bound to the mobile communication device, and a cryptographic key; and a third authentication element that is at least one item of the user's biometric data, collected by the biometric authentication module.

3. The telecommunication authentication service system of claim 1 or claim 2, wherein the biometric authentication module is configured to collect and authenticate biometric data selected from the group consisting of fingerprint, facial recognition, voice recognition and iris recognition.

4. The telecommunication authentication service system of claim 1, wherein the encryption module uses end-to-end encryption to protect the communication between the user's mobile communication device and the service provider.

5. The telecommunication authentication service system of claim 1, wherein the risk-based authentication module is configured to prompt the user for an additional authentication factor on the basis of at least one identified potential risk, including unusual user behaviour or an irregular transaction pattern.
6. The telecommunication authentication service system of claim 1 or claim 5, wherein the additional authentication factor comprises biometric data authenticated by the biometric authentication module.
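The description's "adaptive authentication based on user behaviour and transaction patterns" and claims 1, 2, 5 and 6 together amount to a policy: two factor classes with a biometric at baseline, and a step-up to an extra factor when a risk signal fires. The following Python is an added illustration of that policy written for this page; it is not the applicant's implementation, and the factor names, the risk signals and thresholds, the choice to demand the full three-class combination on step-up, and the sample profile are all assumptions.

```python
"""Risk-based step-up authentication policy (illustrative, not the patent's code).

Models the claimed behaviour: a multi-factor check that insists on a biometric
factor (claim 1), the three factor classes of claim 2, and a risk-based module
that demands an extra factor when the attempt looks unusual (claims 5 and 6).
Factor names, thresholds and the sample profile are assumptions of this example.
"""
from dataclasses import dataclass
import statistics

# Claim 2 groups each authentication method into one of three classes.
FACTOR_CLASS = {
    "password": "knowledge", "pin": "knowledge", "security_question": "knowledge",
    "physical_token": "possession", "device_binding": "possession", "encryption_key": "possession",
    "fingerprint": "inherence", "face": "inherence", "voice": "inherence", "iris": "inherence",
}
ALL_CLASSES = {"knowledge", "possession", "inherence"}


def factor_classes(presented):
    """Map verified factor names to their classes; reject names the policy does not know."""
    unknown = set(presented) - FACTOR_CLASS.keys()
    if unknown:
        raise ValueError(f"unknown factor(s): {sorted(unknown)}")
    return {FACTOR_CLASS[f] for f in presented}


def satisfies_baseline(presented):
    """Claim 1: at least two *different* classes, one of which is biometric.

    Two methods from the same class (password + PIN) are not two factors.
    """
    classes = factor_classes(presented)
    return len(classes) >= 2 and "inherence" in classes


@dataclass
class Profile:
    known_devices: set
    usual_countries: set
    recent_amounts: list  # amounts of recent successful transactions


@dataclass
class Attempt:
    device_id: str
    country: str
    amount: float
    presented: set  # factors already verified in this session


def risk_signals(profile, attempt):
    """Claim 5: unusual user behaviour or an irregular transaction pattern."""
    signals = []
    if attempt.device_id not in profile.known_devices:
        signals.append("unknown_device")
    if attempt.country not in profile.usual_countries:
        signals.append("unusual_country")
    if profile.recent_amounts:
        typical = statistics.median(profile.recent_amounts)
        if attempt.amount > 3 * typical:  # the 3x threshold is an assumption
            signals.append("irregular_amount")
    return signals


def decide(profile, attempt):
    """Return (decision, missing_classes, signals) with decision "allow" or "step_up".

    Without risk signals the baseline of claim 1 applies. With signals the full
    claim 2 combination is required, so at least one more factor is demanded
    (claim 5); if the biometric is what is still missing, the biometric is the
    additional factor (claim 6).
    """
    signals = risk_signals(profile, attempt)
    classes = factor_classes(attempt.presented)
    if signals:
        missing = ALL_CLASSES - classes
    else:
        missing = set()
        if "inherence" not in classes:
            missing.add("inherence")
        if not (classes - {"inherence"}):
            missing.add("knowledge")  # any non-biometric class would do
    return ("allow" if not missing else "step_up"), missing, signals


# Constructed sample profile (not real data).
PROFILE = Profile(
    known_devices={"dev-A"},
    usual_countries={"TW"},
    recent_amounts=[1200.0, 900.0, 1500.0, 1100.0],
)


def demo():
    """A routine attempt from a known device, and a risky one from a new device abroad."""
    routine = Attempt("dev-A", "TW", 1000.0, {"password", "fingerprint"})
    risky = Attempt("dev-Z", "JP", 9000.0, {"password", "fingerprint"})
    return decide(PROFILE, routine), decide(PROFILE, risky)


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The routine attempt passes with password plus fingerprint. The risky attempt presents the same two factors, but the unknown device, unusual country and an amount far above the user's median trigger a step-up, and the policy asks for the one class still missing (a possession factor). Note that the check counts distinct classes rather than distinct methods, which is what keeps a password plus PIN from being mistaken for two factors.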
Priority Applications (2)

Application Number   Priority Date   Filing Date   Title
TW112205403U (TWM648486U)   2023-05-30   2023-05-30   Telecommunication authentication service system
JP2023002658U (JP3243831U)   2023-05-30   2023-07-25   Telephone authentication service system

Applications Claiming Priority (1): TW112205403U (as above)

Publications (1): TWM648486U, published 2023-11-21

Family ID: 88021158

Family Applications (1): TW112205403U (as above)

Country Status (2): JP (1) JP3243831U; TW (1) TWM648486U

Also Published As: JP3243831U, published 2023-09-22
